PCSecrets

PCSecrets is a PC application that holds information that you
want to keep secret - protected by a master password and strong
encryption.

The program is designed to be a PC counterpart of the Secrets for Android app. It uses the same data
structure and provides a synchronization mechanism that allows easy
transfer of secrets between the two. For those who find the personal
computer environment more comfortable for data entry and editing
(i.e. keyboard/mouse/screen technology), PCSecrets provides an
alternative environment for managing your secrets. Synchronization is
also effectively a form of backup.

Encryption

PCSecrets uses 256-bit AES encryption, which is the strongest
commercially available encryption scheme. In addition it employs
bcrypt, an algorithm which implements key stretching with an adaptive
key setup phase.

The purpose of the bcrypt algorithm is to introduce artificial but
complex processing into the key hashing processes, processing that
takes a relatively large amount of time and delays the creation of
the encryption and decryption ciphers that will be used. In
PCSecrets, this setup phase is configured to take one second
(as measured on the current computer) which is not really perceptible
to the user. However, the result of this delay is that any attempt to
break the encryption by guessing the password is considerably slowed
down, since each password guess is forced to go through the same
processing to create the decryption key.

This makes it highly resistant to dictionary attack.

(See "key stretching" and "bcrypt" on Wikipedia
for more information.)

Features

Features of PCSecrets are:

- the same strong encryption used by Secrets for Android

- a form of cryptographic plausible deniability,
whereby a hidden second set of secrets can exist that is
protected by a different password

- written in Java, so can be executed on any system with a suitable
Java Virtual Machine

An individual secret is a collection of text fields. These have names
such as userid and password, and lend themselves
to data used to access Internet sites, but this is only a suggestion
and the fields can be used in any way you want. In particular, the
note field is provided as a catch-all for holding any
unstructured text. The exception is the first field, the description.
This is used as the name of the secret, and must be unique.

Compared with…

... other programs that will protect your secrets (normally
password-orientated). Two of the leading ones are:

LastPass

- keeps your secrets data in the cloud i.e. someone else controls it

- needs a server account for access, and browser add-ins to work

- doesn’t support mobiles (unless you pay)

KeePass

- has no synchronization mechanism as such across platforms. You need
to copy your secrets data from one platform/device to another (using
some external mechanism), thereby overwriting any changes you may
have made on the target platform.

Installation

For Windows, download and run the install.exe file. This process will
check that Java is installed.

For other platforms (Mac and Linux), download the zip file:

For Debian Linux (and derivatives, such as Ubuntu, Mint etc), there
is a simple shell script provided which will install the program
files in /usr/share and create an entry in the applications menu.

For other systems, the process is manual. You should copy the
PCSecrets jar file to your desktop or some other suitable
location, and mark it executable. If the default open action for a
.jar file on your computer is to open using the Java run-time, then
simply double-click on the jar file. Otherwise right-click on the
jar file and select the Java run-time to open with.

If Java is not installed then you will have to do this before running
PCSecrets. You can use the Oracle/Sun Java, or OpenJDK on
Linux. PCSecrets requires at least Java version 6, but the
latest Java version 7 is recommended. If you have Java 6 installed,
you would be advised to replace it with the latest Java 7 as there
are known to be security issues with the earlier versions. There are
also problems with the Nimbus UI Look and Feel (the best looking
interface) with Java 6 prior to version 1.6.10.

The program needs network access to allow synchronization with
Secrets for Android. If you have a
firewall active, you may need to configure it - see Network Access
at the end of the document. On Windows you may get a firewall
security alert for the Java runtime when you first run PCSecrets,
which you should allow (unblock).

Getting Started

When first run the program will prompt for an initial password. Try
not to use a simple password - a mixture of letters, numbers and
special characters but no spaces (leading, trailing or embedded) is
recommended - and don't forget it! Subsequent executions of the
program will require the same password to be provided - if you can't
then your secrets will not be accessible. The password can be reset
by providing a new one, but all existing secrets will be lost. There
is no way to recover a forgotten password.

(Password advice is provided at the end of the document.)

Although your initial password cannot contain spaces (because you
can provide two - see below), subsequently you can change the
password to anything you like, including spaces.

Optional second set of secrets

You can initially provide two passwords i.e. separated by a space. In
this case you actually create two sets of secrets, independently
encrypted and independently accessible. When you subsequently start
PCSecrets, you can provide either password to access the
corresponding set of secrets.

The two sets of secrets are stored as a single chunk of binary data,
combined with a random amount of randomly created “junk” data (so
you can’t infer the existence of a second set by the file size).
Externally it is not detectable that two sets of secrets exist, so if
someone were to force you to reveal the password(s) to your secrets,
you could deny that a second set of secrets existed without anyone
being able to prove otherwise. This is known as plausible deniability.

The Main Window

The main window shows a list of secrets on the left, and a panel
showing the details of the selected secret on the right. Beneath
these is a row of buttons. The buttons below the list apply to your
secrets as a whole; those below the details panel apply to the
current secret or data in the form.

Creating a secret

To create a new secret, simply type your data into the details panel
and click "Create". The description of the secret
becomes its name, which is shown in the list on the left. (The term
"description" is used to make it compatible with Secrets for Android - in data terms it is the
key of the record.) The set of fields that make up a secret are the
same as used by Secrets for Android,
and all values are optional apart from "description".

Create will be ignored if a secret with the same description already
exists. Descriptions are case-insensitive.

The "Clear" button is provided as a quick way to clear the
details panel of values before creating a new secret.

Updating a secret

Select the secret by clicking on its entry in the list. Make your
changes and click "Update".

If you change the description, you are now dealing with a different
secret (because you've changed the key). If it doesn't exist, update
will be ignored. You can copy a secret by selecting it, giving it a
new description and clicking "Create".

If you modify a secret but forget to click "Update", the
changes will not be saved.

Deleting a secret

Select the secret (or type its name in the description field) and
click "Delete". If you attempt to delete a secret that does
not exist, the request is ignored.

Saving

Click "Save all" to save changes to disk. If changes have
been made and you exit the program without saving, you will be
prompted to do so. If you do exit the program without saving, changes
made since the last save will be lost.

Import and export

Secrets can be imported and exported in CSV, JSON and XML formats.

CSV is a simple and commonly used data exchange format.

Both JSON and XML are more complex, and can be used by applications
exporting data in many different ways. Rather than support data
exported from specific applications, PCSecrets implements a
generalised import facility for JSON and XML. It attempts to identify
elements within the data that are potentially a source of secrets -
repeated elements with simple values (these collections of repeated
elements are assumed to be homogeneous, otherwise the task would be
impossibly complex). You are presented with a list of these candidate
subsets to inspect so you can choose the most suitable.

Import a file

To import secrets from an external file, select File->Import…
Use the selection dialog to help locate the file to be imported and
click "Open".

For a CSV file...

The subsequent Input Field Names dialog identifies the field names
from the CSV header record, if present, or numbers the fields
sequentially if there is no header. By clicking “Continue” you
are taken to the common Mapping dialog.

For a JSON or XML file...

After opening the file, a dialog shows what (if any) subsets of
potentially useful data were found in the structured data. Click
“Details” in any row to see more information about them. Choose
one of the subsets and click “Continue”.

Mapping dialog

This dialog allows you to map the fields in the input data to secrets
fields. The initial mapping shown is based on matching field names.

To change any mapping, click the Input field name in the Mapping
section and choose a field from the dropdown. If there is no suitable
mapping for the secrets field, choose “none”. An input field can
be used more than once.

A Timestamp field is used to give a secret a last updated time
and is used during synchronization.

When the mapping is correct, click "Import".

Export to a CSV/JSON/XML file

Select File->Export...

Choose a location for the exported file, provide a file name, choose
the file format and click "Save".

Be aware that secrets are exported in clear text, so be sure to
delete the file as soon as possible, preferably with a command or
program that overwrites the data e.g. shred.

Synchronizing with Secrets for Android

The PCSecrets sync agent needs to
be installed on the Android device alongside Secrets for Android.

Synchronization takes place wirelessly. It requires your Android
device to be connected to the local wifi network. Your firewall rules
may need to be adjusted to allow for Java inbound UDP and TCP
transmissions. On Windows, if your local network is marked as
“Private/Work” then firewall rules should not need to be
adjusted.

No other network configuration is necessary - the agent and PCSecrets
should detect each other automatically.

To synchronize your secrets, click the PCSecrets "Sync"
button and the program will wait for the agent to connect. This must
be done before selecting the “Sync” option in Secrets for Android.

Synchronization password

Secrets are exchanged with the device only in encrypted format, and
the password that will be used for this synchronization process must
be specified in both PCSecrets and Secrets for Android. This password does not have to be the same one
either uses for storing their secrets, but it must be the same
password at each end of the exchange.

PCSecrets will by default use the same password that it uses
for storing secrets. Alternatively you can set a preference so you
are asked for a different password when "Sync" is clicked.

On the Android device you provide the password by configuring it in
the PCSecrets sync agent. You do
this by creating a special secret in Secrets for Android, as described in the agent documentation.

The synchronization process

The program will automatically try to make the secrets in each
location the same. In doing this, it follows these rules:

A secret that:

- exists only in one location is created in the other

- has been updated in one location is copied to the other *

- has been deleted in one location is deleted from the other *

* provided that the secret in the other location has not itself been
modified since the last sync operation. If it has been, a conflict
exists which the program cannot resolve automatically, and you will
have to indicate what you want it to do. The program will open the
sync window so you can do this.
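The rules above can be written as a small decision procedure. This is an added example, not PCSecrets code: it assumes each secret carries a last-updated timestamp, and that the set of descriptions present at the last sync is remembered so a deletion can be told apart from a secret that never existed on that side. The function name and sample data are constructed for illustration.

```python
from typing import Dict, Set


def _fold(secrets: Dict[str, int]) -> Dict[str, int]:
    """Descriptions are case-insensitive, so compare on a case-folded key."""
    return {desc.casefold(): ts for desc, ts in secrets.items()}


def plan_sync(pc: Dict[str, int], device: Dict[str, int],
              known_at_last_sync: Set[str], last_sync: int) -> Dict[str, str]:
    """Map each description to the action the sync rules call for.

    pc / device map description -> last-updated timestamp (assumed format).
    """
    pc_k, dev_k = _fold(pc), _fold(device)
    known = {d.casefold() for d in known_at_last_sync}
    plan = {}
    for key in sorted(pc_k.keys() | dev_k.keys()):
        on_pc, on_dev = key in pc_k, key in dev_k
        pc_changed = on_pc and pc_k[key] > last_sync
        dev_changed = on_dev and dev_k[key] > last_sync
        if on_pc and on_dev:
            if pc_changed and dev_changed:
                plan[key] = "conflict: modified in both"
            elif pc_changed:
                plan[key] = "copy PC -> device"
            elif dev_changed:
                plan[key] = "copy device -> PC"
            else:
                plan[key] = "unchanged"
        elif key not in known:
            # Never synced before: it exists in only one location.
            plan[key] = "create on device" if on_pc else "create on PC"
        elif on_pc:
            # Synced before, now missing on the device: deleted there.
            plan[key] = ("conflict: modified on PC, deleted on device"
                         if pc_changed else "delete from PC")
        else:
            plan[key] = ("conflict: modified on device, deleted on PC"
                         if dev_changed else "delete from device")
    return plan


# Constructed sample state; timestamps are arbitrary integers.
SAMPLE_LAST_SYNC = 1000
SAMPLE_KNOWN = {"Bank", "Email", "Forum", "Router", "VPN", "Wiki"}
SAMPLE_PC = {"Bank": 900, "Email": 1200, "Forum": 1100,
             "Router": 900, "VPN": 1300, "Blog": 1400}
SAMPLE_DEVICE = {"bank": 900, "Email": 900, "Forum": 1150,
                 "Wiki": 800, "Shop": 1250}

if __name__ == "__main__":
    plan = plan_sync(SAMPLE_PC, SAMPLE_DEVICE, SAMPLE_KNOWN, SAMPLE_LAST_SYNC)
    for description, action in plan.items():
        print(f"{description:8} {action}")
```

Only the two kinds of conflict need a decision from the user; every other action can be applied automatically.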

Normally the sync window will only be shown if a conflict exists that
you have to resolve. If there are no conflicts the sync operation
will complete automatically. Alternatively, you can set a preference
so that the sync window is always shown even though there are no
conflicts. You may want to do this so you can see exactly what is
going on.

The Sync window

The sync window shows the list of all secrets on the left, and two
panels on the right which show the contents of the selected secret on
the PC and on the mobile device. Items in the list are colour coded
to show their status, and checkboxes can be used to show or hide the
different categories.

By default only secrets that differ between platforms are shown,
although all secrets can be shown by checking the "Show
unchanged" checkbox.

Everything except conflicts is shown for information only and
requires no action - if secrets differ, the program determines where
the latest version is and automatically uses it to update the other
location. Note that the content panels are normally read-only; only
in the case of a conflict will you have the opportunity to modify the
contents of a secret.

Conflicts are always shown and must be resolved before the sync
operation can be completed. If you cancel the sync operation no
changes are made.

Resolving conflicts

A conflict occurs if a secret has been modified on both the PC and
device, or been changed on one and deleted from the other, since the
last sync operation. In both cases, the user has to indicate how to
proceed, as follows.

If modified in both locations

Select the conflicting secret in the list window. The contents of the
secret on PC and device are shown in the corresponding panels. You
should update the PC secret to reflect the correct secret contents,
and click "Mark as merged". If the PC secret is already the
correct content, just click "Mark as merged". If the device
secret is the correct version, click "Copy to PC Secret"
and then "Mark as merged".

When the sync completes, the PC secret will replace the device
secret.

If modified in one location and deleted from the other

Select the conflicting secret in the list window. The PC and device
panels will show in which location the secret has been deleted. Your
choices are:

- If the deletion is correct i.e. you want the secret also to be
deleted from the location where it remains, click "Confirm
deletion"

- If the deletion is not correct i.e. you want the secret to be
reinstated in the location from where it was deleted, click
"Undelete". When the sync completes, the secret will be
reinstated from the existing copy.

When all conflicts have been resolved, click the “Complete Sync”
button (which will now be enabled) to complete the sync operation.

Sync timeout

By default Secrets for Android
will only wait for two minutes for the sync operation to complete.
This is so communication won't hang forever if sync was selected and
PCSecrets is not active, or if there is some communication
problem. You can change this value in the agent configuration in
Secrets for Android.

If the operation does time out before it completes, no changes are
made. The operation can simply be retried.

Sync with two sets of secrets

Secrets for Android does not
support the idea of having more than one set of secrets. Sync simply
operates with the set of secrets that is currently being accessed in
PCSecrets.

View sync devices

Selecting View-Devices on the menu bar lets you view details of the
Android devices that have synchronized with the program. Each device
is identified by its Android device id, but the device view allows
you to provide a “friendly” name for future identification.

Preferences

Access via the File->Preferences... menu option. The Preferences
window is divided into these sections:

Sync

Here you can change the port numbers used by the program. This would
only normally be necessary if the ports are in use. Note that this
requires a change to the Secrets for Android
sync agent configuration so the same port is used.

Backup

Backups can be automatically created whenever a save is performed.
The number of backup files that are kept can be specified - when the
number is reached, the oldest file is deleted when a new one is
created.

To make use of a backup, simply copy it to the PCSecrets
directory, and rename it to secrets.dat
after removing the existing one. Remember that if you have changed
your password, you will need to use the password that was current
when the backup was created.

Key Setup

This allows you to specify how long the encryption key setup phase
should take (described earlier). By default this is set to one
second. The value is specified in milliseconds.

Any change does not take effect until the encryption ciphers are
regenerated. You trigger this by selecting the Regenerate ciphers option of the File menu. The secrets are saved at
the same time.

The ciphers are also regenerated when you change the password.

The current key length is also shown. This is for information only
and cannot be changed. If PCSecrets is using a 128-bit key
because of the current installation, it will show here.
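The timed key setup described under Encryption, and configured by this preference, can be sketched as follows. This is an added example, not PCSecrets code: it substitutes PBKDF2-HMAC-SHA256 from the Python standard library for bcrypt, and the function names, the 10,000-iteration floor and the stored key check value are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

KEY_LEN = 32             # bytes, i.e. a 256-bit AES key
MIN_ITERATIONS = 10_000  # assumed floor: never calibrate below this


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a password into a key; PBKDF2 stands in for bcrypt here."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, iterations, dklen=KEY_LEN)


def time_derivation_ms(iterations: int) -> float:
    """Measure one key derivation on this machine, in milliseconds."""
    start = time.perf_counter()
    derive_key("calibration only", b"\x00" * 16, iterations)
    return (time.perf_counter() - start) * 1000.0


def calibrate(target_ms: float) -> int:
    """Pick an iteration count whose derivation takes about target_ms here."""
    if target_ms <= 0:
        raise ValueError("target_ms must be positive")
    iterations = MIN_ITERATIONS
    elapsed = time_derivation_ms(iterations)
    # Double until the measurement is long enough to be meaningful...
    while elapsed < target_ms / 4:
        iterations *= 2
        elapsed = time_derivation_ms(iterations)
    # ...then scale linearly (PBKDF2 cost is linear in the iteration count).
    return max(MIN_ITERATIONS, int(iterations * target_ms / elapsed))


def new_key_record(password: str, target_ms: float = 1000.0) -> dict:
    """Create the parameters that must be stored beside the encrypted data."""
    salt = os.urandom(16)  # random salt, so equal passwords give different keys
    iterations = calibrate(target_ms)
    key = derive_key(password, salt, iterations)
    check = hmac.new(key, b"key-check", hashlib.sha256).digest()
    return {"salt": salt, "iterations": iterations, "check": check}


def unlock(password: str, record: dict):
    """Return the key for a correct password, otherwise None.

    Every guess pays the full stretching cost before it can be tested.
    """
    key = derive_key(password, record["salt"], record["iterations"])
    check = hmac.new(key, b"key-check", hashlib.sha256).digest()
    return key if hmac.compare_digest(check, record["check"]) else None


if __name__ == "__main__":
    record = new_key_record("correct horse battery staple", target_ms=200)
    print("iterations:", record["iterations"])
    print("unlocked:", unlock("correct horse battery staple", record) is not None)
    print("wrong password:", unlock("guess", record))
```

In this sketch a changed target only takes effect when a new record is created, because `unlock` always uses the iteration count stored in the record.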

Look and Feel

Allows the look and feel of the UI to be changed. The default is the
Java “Nimbus” Look and Feel (LAF).

There is a LAF for each system that emulates the native look of the
system’s user interface.

For the Mac platform, the native LAF is “Aqua”. However, there is
a problem (possibly just Java 6 on OS X, following “Java for OS X
2013-004” update) with this LAF not displaying certain dialogs. So
you should be wary of using it. The properties dialog may not display
using Aqua under these circumstances, which means that you cannot
reset the LAF once Aqua is selected! You would have to manually edit
the pcsecrets.prop
file and remove the lookAndFeel entry so
the LAF would return to the default.

Log level

You can set the log level for diagnostic purposes. The log is created
in the home directory and named java{n}.log.

By default the log level is set to warning. Be aware that with
the log level set to a finer level (info or fine)
diagnostic information may be written to the log that could be used
to compromise the security of your secrets. So do not as a matter of
course set the log level below warning, and if you do, make
sure you reset the log level afterwards and securely delete the Java
logs.

AES 256-bit encryption support and Java JDKs

Oracle/Sun Java is subject to US export controls and by default is
limited to 128-bit encryption. In order to enable 256-bit support,
you must install the “Java Cryptography Extension (JCE) Unlimited
Strength Jurisdiction Policy Files”. These can be downloaded in a
zip file from the Oracle website, and simply involves copying the two
policy files local_policy.jar
and US_export_policy.jar
into the Java runtime, replacing the versions already there.

PCSecrets will show you the location of the Java runtime it is
using - select Help->System info and look for the “java.home”
value. Simply append “\lib\security”
to this value to determine the target directory for the policy files.

For Windows, a typical example would be

c:\Program Files\Java\jre7\lib\security

although this will vary depending on whether you are using Java 6,
have a 64 bit installation, or are using a JDK.

OpenJDK, which is Oracle’s open-sourced version of Java, is not
subject to these controls and is automatically enabled for 256-bit
encryption. Unfortunately the OpenJDK distribution is only available
for Linux.

The simplest approach is to use OpenJDK if it is available for your
system. If you have to use Oracle/Sun Java, you must install the
policy files as described.

After installing the new policy files, you must have PCSecrets
recognize the new 256-bit capability by restarting it and selecting
the File -> Regenerate ciphers menu action.

But do you really need 256-bit encryption?

The simple answer is: not really. The time it would take for the
fastest supercomputer in existence to crack 128-bit AES encryption
that used a truly random key is a lot longer than the
remaining lifetime of our planet (4-5 billion years). The fact that
256-bit encryption would take even longer is therefore pretty
academic.

Passwords

The key point above is the use of a truly random key. When the key is derived from a password typed via a
keyboard and not being specified directly (i.e. by providing a raw
128- or 256-bit string), the number of possible keys is considerably
reduced. The problem for a cracker changes from trying every possible
combination of bits in the key to trying possible passwords - a much
smaller problem.

The complexity of your password determines the effective key
length of the encryption, which in most cases will be far less than
the theoretical 128 or 256 bits. For example, a typical 8 character
password chosen from an "alphabet" of 94 characters has
been estimated to have an effective key length (“entropy”) of 18.
Similarly, a 12 character password has an effective key length of 34,
and a 20 character password a key length of 42.

The message is therefore that in order to be as secure as possible,
you should choose as long and complicated a password as you can
remember - the longer and more complex the better. PCSecrets
doesn’t limit the length of password you can use, or the characters
in it (apart from the initial password which cannot have spaces).
Longer passwords needn't be too hard to remember - one suggestion is
a mnemonic created using the first letter of each word in a verse of
your favourite song.

The internet has lots of advice on password selection.

Network Access

If you have a firewall active you may need to configure it, otherwise
the sync feature will not work.